Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
An overview of 21 CFR Part 820 - quality systems for medical device manufacturers
What is 21 CFR Part 820?
21 CFR 820 is the FDA federal regulation that pertains to quality systems for medical device manufacturers, and it is part of the agency’s set of Current Good Manufacturing Practices (CGMP) for industry. Also referred to as the FDA’s quality system regulation (QSR), the regulation defines design controls and quality processes at all stages of device development in order to ensure that all medical devices marketed in the United States are safe and effective.
21 CFR 820 consists of 15 subparts, which define quality system requirements for each stage and function within the medical device manufacturing process. We define each subpart below.
Federal regulations are organized as Title → Chapter → Subchapter → Part, which means that 21 CFR 820 is short-hand for:
21 CFR 820 vs ISO 13485
ISO 13485 is the de facto international quality system standard for medical device manufacturers, but this is not currently the standard in the United States. While Part 820 and ISO 13485 are structured differently, they have no conflicting requirements. Therefore, companies that are marketing medical devices in the U.S. and in other markets will need to comply with both ISO 13485 and the FDA’s QSR, as defined in 21 CFR 820.
However, the FDA is moving towards harmonizing these standards, and on February 23, 2022 issued a proposed rule to amend the QSR to align more closely with the international consensus standard for Quality Management Systems, primarily by incorporating reference to the ISO 13485 standard. The FDA has published FAQ’s about the proposed rule.
21 CFR Part 820 Requirements
Part 820: General Controls (subpart A)
The General Controls subpart contains three sections providing general information about the regulation, including the scope and applicability along with key definitions.
Scope
The regulation defines current good manufacturing practice (CGMP) requirements governing the methods, facilities, and controls used for the “design, manufacture, packaging, labeling, storage, installation, and servicing of all finished devices intended for human use." Specifically, this subpart defines:
- Applicability:
The requirements of this regulation are intended to ensure the safety and efficacy of all finished medical devices intended for human use that are manufactured in or imported into the United States. Manufacturers that are involved in some, but not all, manufacturing operations should comply with those requirements that are applicable to the functions they are performing.
Exceptions:
- This regulation does not apply to manufacturers of medical device components, but such manufacturers are encouraged to use this regulation as guidance.
- Class I medical devices are exempt from the Design Controls defined in this regulation, except for those listed in § 820.30(a)(2).
- Manufacturers of blood and blood components are not subject to this regulation but are subject to Biologics good manufacturing practices as defined in Subchapter F, Part 606 of the regulation.
Definitions
This section of the regulation contains definitions for a number of terms used throughout the document. The following are the major definitions related to quality records:
- Design history file (DHF): A compilation of records that describes the design history of a finished device.
- Design input: The physical and performance requirements of a device that are used as a basis for device design.
- Design output: The results of a design effort at each design phase and at the end of the total design effort. The finished design output is the basis for the device master record. The total finished design output consists of the device, its packaging and labeling, and the device master record.
- Device history record (DHR): A compilation of records containing the production history of a finished device.
- Device master record (DMR): A compilation of records containing the procedures and specifications for a finished device.
Quality System
The section of the regulation sets the basic requirement for a quality system by stating that “Each manufacturer shall establish and maintain a quality system that is appropriate for the specific medical device(s) designed or manufactured, and that meets the requirements of this part.”
The term “appropriate” is used throughout this regulation and can be open to interpretation. A manufacturer, however, should assume that all requirements are appropriate and applicable except in cases where non-implementation of the requirement can be shown to have no effect on the product's specified requirements or ability to carry out necessary corrective actions.
Quality system requirements (subpart B)
This section of the regulation defines the overall responsibilities and the resources required for the management of the quality system.
Management responsibilities
Executive management is responsible for establishing a quality policy and ensuring adequate resources to effectively maintain and manage the quality system. In addition, management is responsible for establishing a specific quality plan, consisting of relevant practices, resources, activities, and procedures.
Quality audit
Periodic audits of the quality system are required to be conducted by personnel not directly responsible for the activities being audited. The dates and results of each audit need to be documented, along with the results of the audit. It is expected that corrective actions and, when necessary, reaudits, be performed for any identified noncompliances.
Personnel
Manufacturers are responsible for assigning sufficient personnel with appropriate experience and training to perform all tasks required by the quality system plan.
Design controls (subpart C)
Manufacturers of all class II and class III medical devices, along with the specific class I devices listed in paragraph (a)(2) of this regulation, are required to establish design control procedures that ensure design requirements are met as specified.
Design controls shall define:
- Design and development planning - Plans that describe the design and development activities, and responsibilities for these activities and their implementation.
- Design input - Procedures that ensure design requirements are appropriate and address the intended use of the device.
- Design output - Procedures that document design output, including acceptance criteria, so that conformance to design input requirements can be adequately evaluated.
- Design review - Formal and documented reviews of the ensign results that include participation from representatives of all.
- Design verification - Procedures for verifying the device design that confirm that the design output meets the design input requirements.
- Design validation - Procedures for validating the device design, ensuring that devices conform to defined user needs and intended uses, and including testing of production units under actual or simulated conditions.
- Design transfer - Procedures to ensure that the device design is correctly translated into production specification.
- Design changes - Procedures for identifying, documenting, validating, and managing the verification and approval process of all design changes before they are implemented.
- Design history file - A design history file (DHF) is required for each type of device and should include or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and device requirements.
Document controls (subpart D)
Medical device manufacturers are required to put in place document controls for all documents required in this regulation.
Document approval and distribution
One or more people must be assigned to review and approve documents prior to issuance. The approval must be documented, include a date and the signature of the approver, and be made available at all locations where applicable. Procedures must also be in place to ensure that obsolete documents are removed and/or prevented from being used.
Document changes
Similar to document approval procedures, changes to documents must be approved, reviewed, and documented. Records of all changes must be maintained.
Purchasing controls (subpart E)
To continue reading this Regulatory Brief, including a definition of the remaining subparts and a comparison of 21 CFR 820 to ISO 13485, please download the full brief.
CE marking guide for medical devices in the EU
This article is an excerpt from the CE marking guide for medical devices in the European Union.
Table of Contents
- What is CE marking?
- Why is CE marking important?
- CE marking responsibilities
- What countries require or accept CE marking?
- Which medical devices require a CE mark?
- Technical documentation
- What are the costs associated with CE marking?
- How do you apply the CE marking?
- CE mark and UDI
- Does the CE mark expire?
- Do I need to CE mark my software?
- Final steps
CE marking is a symbol that consists of “CE, “ which is the abbreviation of the French phrase "Conformité Européene" meaning "European Conformity". The term initially used to describe “CE” was "EC Mark" but it has officially been replaced by "CE marking" according to the EU Directive 93/68/EEC. CE marking is used in all EU official documents, although you will still see "EC Mark" being used in common language. If you are using EC Mark in your documentation, you should change that terminology to CE marking in the future.
The letters ‘CE’ appear on many products traded on the Single Market in all the member states of the European Union plus Iceland, Liechtenstein, Norway and Switzerland. Simply put, The CE mark is a mandatory compliance mark, informing the consumer that the product is compliant with all applicable EU directives and regulations where the CE mark is required.
The Single Market was established in 1993 and is still considered one of the most significant achievements of the European Union. The main goal was to ensure the movement of goods and services freely within all the member states and to establish high safety standards for consumers. The CE mark indicates that goods and services do not need to be verified when shipping into another member country. To further support this movement, in April 2011, the Single Market Act was established to boost growth and strengthen confidence in the economy even further.
CE marking is required for many types of products, not just medical devices. The CE symbol can be found on bicycle helmets, toys, laptop batteries, wheelchairs, construction equipment, gas appliances and cell phone chargers - to name a few. CE marking is required for products manufactured anywhere that are sold in the EU, and only for those products for which EU specifications exist and require CE marking. The CE marking signifies that the product has been found to meet the general safety and performance requirements (GSPRs) of the European health, safety and environmental protection legislation and allows the product to be sold in the EU.
Manufacturer responsibilities for CE marking
Medical device manufacturers are responsible for properly and legally CE marking products before they leave the warehouse.
Most Class II and III medical devices, along with IVDs and some Class I devices, require a conformity assessment performed by a Notified Body to ensure that all legislative requirements are met before it can be placed on the market. Manufacturers of most Class I devices can self assess conformity. This process needs to demonstrate that all the legislative requirements are met, including any testing and inspections, and that all necessary certifications are obtained.
The European Commission lists 6 steps that manufactures should follow to affix a CE marking to their devices:
- Identify the applicable directive(s) and harmonized standards - see EU standards for Medical Devices, In Vitro Diagnostic (IVD) devices, and Implantable Medical Devices.
- Verify product specific requirements using the essential principles identified in the above standards.
- Identify whether an independent conformity assessment by a Notified Body is necessary. Notified bodies will be required to verify compliance with relevant Essential Requirements for most medical devices classified as IIa, IIb, or III - along with sterile class I devices. See the Notified and Designated Organization (NANDO) database for available notified bodies.
- Test the product and check its conformity.
- Create and keep available the required technical documentation.
- Affix the CE marking and create the EU Declaration of Conformity.
Importer responsibilities for CE marking
If you are importing medical devices into the EU, it is your responsibility to review all the technical documentation and maintain a copy, or to make sure that it’s available to you upon request.
You should verify:
- That the device has been CE marked and that the EU declaration of conformity has been completed.
- That the manufacturer has designated and established an authorized representative.
- That the device is labeled appropriately and contains instructions for use (IFU).
- When applicable, that a UDI has been assigned to the product.
- Whether or not the product is registered in EUDAMED (registration is currently voluntary).
Take action:
- List your name and address on the device or packaging, in addition to the manufacturer’s information.
- Keep records of complaints, non-conformities, recalls, etc. on file.
- Report any noticed non-conformity or product complaints from end users to the manufacturer and authorized representative immediately.
- Maintain a copy of the EU declaration of conformity and any other relevant certificates.
Distributor responsibilities for CE marking
If you are a distributor, you are responsible for reviewing the technical documentation provided to you so that you can verify the product is safe to put on the local market. You must also be sure the product is labeled correctly with the CE marking symbol clearly visible. The technical file documentation contains all of the information that is necessary to show conformity of the product to the applicable requirements.
You should verify:
- That the device has been CE marked and that the EU declaration of conformity has been completed.
- That the device includes all the appropriate labeling, including instructions for use.
- That if imported, the importer has complied with all the EU regulations.
- When applicable, that a UDI has been assigned to the product.
Take action:
- Report any noticed non-conformity to the manufacturer, importer, and authorized representative immediately.
- If a product appears to be out of compliance to the regulations and could pose a serious risk, the information should be reported to the Competent Authority, and to the manufacturer, importer and authorized representative.
- Any complaints or reports from end users about the product should be reported to the manufacturer and, if necessary, to the importer and authorized representative.
Important note: If the importer or distributor markets the product under their own company name, then they become responsible for CE marketing, and take over that role from the manufacturer.
CE marking is mandatory when importing products into the European Union, which is part of the larger European Economic Area (EEA). The EEA Agreement, established in 1992 and made official in 1994, is an international agreement that enables the extension of the European Union’s single market to non-EU members. It consists of the 27 EU countries plus the four European Free Trade Association (EFTA) countries - Iceland, Liechtenstein, Norway and Switzerland. Today, the EFTA has 29 Free Trade Agreements (FTAs) with 40 countries and territories outside the EU. Because these countries operate in the single market, this allows free movement of goods and services across all of the EEA.
Source: European Environment Agency (EEA).
All medical devices sold in the EU require a CE mark. While a CE mark is not required for items such as chemicals and pharmaceuticals, it can be required for combination devices and medical device software. For these two situations, how do you know if your product requires a CE mark?
To continue reading this ebook, including an overview of CE mark costs, and the associated technical documentation/general safety and performance requirements (GSPRs) that manufacturers are required to maintain please register to download the full version
How Smith & Nephew Repositioned Regulatory as a Strategic Commercial Partner
Smith & Nephew is a global medical device manufacturerwith a broad portfolio spanning orthopedics, sports medicine, and woundmanagement, sold and registered across markets worldwide. Before Rimsys,regulatory data was scattered across spreadsheets, shared drives, anddisconnected systems.
When Smith & Nephew selected Rimsys, they deployed itenterprise-wide from day one. Executive reporting moved from manual fire drillsto real-time dashboards. Change impact assessments became faster and moreconsistent. The regulatory team made the shift from reactive compliancefunction to strategic partner to the business.
The Challenge
Regulatory data at Smith & Nephew lived in multiplespreadsheets, shared drives, SharePoint sites, emails, and disconnectedsystems. Without a centralized record, the team could not reliably trackregistration timelines, measure on-time submissions, assess change impacts, orunderstand the downstream impact of product changes across markets. Preparingexecutive reporting meant manually assembling data from multiple sources, aprocess that consumed time and introduced risk each time.
The Solution
Smith & Nephew selected Rimsys for its configurable, notcustomized, platform: an intuitive user interface, centralized submissionmanagement, robust metrics, change assessment capabilities, and UDI supportwith machine-to-machine transmission. Rimsys’ interconnected modulearchitecture linked products, registrations, projects, change assessments, andUDI in a centralized location.
Rather than piloting in one business unit, Smith &Nephew deployed Rimsys across the entire regulatory organization from day one.The decision was deliberate: a partial deployment would have preserved thefragmentation. Enterprise-wide adoption established consistent metrics,standardized processes, and a single source of truth from the start.
The Results
Executive and board reporting, previously built from manualdata pulls, now flows directly from Rimsys in real time. What had been adisruptive, recurring effort is now a routine view. Leadership has thevisibility to make faster, more confident decisions, and the regulatory team isno longer pulled into reporting fire drills.
Change management has also been transformed. Direct linkagebetween products, registrations, and projects means impact assessments arefaster and less dependent on individual knowledge. UDI operations havesimilarly improved: machine-to-machine transmission has reduced manual uploadsand centralized DI record visibility supports global UDI requirements.
The most significant shift is strategic. With centralizedregulatory intelligence and real-time data, Smith & Nephew’s regulatoryteam now actively supports commercial planning: informing budget cycles,guiding renewal and launch sequencing, and advising on regulatory pathways toaccelerate market entry. Regulatory is no longer a downstream compliancefunction. It is a business partner.
Smith & Nephew now runs four modules across its RIM operation:
- Registrations— Centralized license tracking across 250 countries and 30+ business units
- Change Assessments— Direct product-registration linkage for faster, consistent impact assessments
- Executive Reports— Real-time dashboards replacing manual data pulls and board reporting fire drills
- UDI— Machine-to-machine transmission reducing manual uploads across global markets
Take this to your team
If you’re evaluating how to modernize RIM operations at scale, the Smith & Nephew case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.
How Philips Scaled Active Product Registrations More Than 20x
Philips Healthcare operates one of the largest regulatory portfolios in global MedTech: products registered across 250 countries, with a footprint that grows with every acquisition. Before Rimsys, that complexity was managed through email and spreadsheets. Submission packages moved through inboxes with no audit trail, no performance data, and no reliable view of where products were authorized to ship.
Philips selected Rimsys in 2022 as the enterprise RIM platform to bring regulatory order to that complexity. Since go-live, active product registrations have scaled more than 20x, user adoption has doubled in the last six months, and the regulatory affairs function now operates from a single source of truth spanning the entire enterprise.
The Challenge
Without structured data, Philips could not measure regulatory performance, track license expiration across the portfolio, or identify where submission work was stalling. Every acquisition made it worse: incoming business units arrived with their own workflows and systems, absorbing more fragmentation rather than resolving it.
The Solution
Philips evaluated multiple platforms against requirements built with both market-facing and business regulatory affairs teams. Rimsys won on two dimensions: an interface that made complex product and registration data immediately visible, and more enterprise-ready features than competing platforms at the right price point.
Philips went live with Rimsys Registrations and Submissions modules in July 2022. The team deployed platform experts for train-the-trainer sessions and launched regular drop-in sessions where users could ask questions and surface issues. Standing up a dedicated Regulatory Operations team focused exclusively on rest-of-world registration accelerated adoption further.
When an early business unit pushed back on workflow efficiency, Philips and Rimsys worked through it together. A hands-on process walkthrough identified exactly what needed to change, a resolution plan was shared, and that transparency and collaboration became the foundation for sustained user buy-in across the enterprise.
The Results
Since go-live, Philips has scaled active product registrations more than 20x, with further growth already underway. What started as a single deployment now spans 30+ business units across 250 countries, with Rimsys serving as the single source of truth for regulatory data across the enterprise, including businesses acquired since implementation.
For the first time, Philips can measure its own regulatory performance. KPIs flow directly from the platform, giving leadership real-time visibility into registration health. When anomalies surface, they drive data correction and user training, closing gaps that previously went undetected until they affected revenue.
Now with Rimsys AI-assisted Submissions and Regulatory Intelligence now in use, Philips expects to accelerate further: reducing administrative burden so skilled regulatory professionals can focus on strategy.
Philips now runs four modules across its RIM operation:
- Registrations— Centralized license tracking across 250 countries and 30+ business units
- Submissions— AI-assisted submission workflows replacing email-based package management
- Intelligence— Real-time KPI dashboards giving leadership visibility into registration health
- Standards— Essential Principles and standards tracking aligned to global market requirements
Take this to your team
If you’re evaluating how to modernize RIM operations at scale, the Philips Healthcare case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.
.avif)
What RAPS Euro Convergence 2026 Told Us About the Future of MedTech Regulation
Last week, the MedTech regulatory community gathered in Lisbon for RAPS Euro Convergence 2026: nearly 100 sessions, hundreds of professionals, and one overriding theme: transformation.The European regulatory landscape is shifting faster than it has in two decades, and the pressure is on every RA team to keep pace.
We were there. And here is what we took away.
The Dominant Signal: Change Is Accelerating
For MedTech manufacturers, the immediate reality is demanding. MDR 2.0 is advancing. The EU AI Act is creating new compliance obligations for software-enabled devices. EUDAMED continues to mature. And teams are being asked to absorb all of this while still meeting existing registration and renewal deadlines.
The practical implication is clear: RA functions that rely on manual tracking, disconnected spreadsheets, and tribal knowledge are being outrun by the pace of change. Across the industry, teams are moving from talking about AI to actively experimenting with it, using it to handle the volume and complexity that manual processes simply cannot absorb. The teams emerging as strategic forces are the ones who have connected, real-time regulatory infrastructure and are putting AI to work within it.
AI Is No Longer Optional Thinking
The conversation at Euro Convergence made one thing clear: AI has moved from future-state to present-tense. Regulatory professionals were encouraged to embrace AI while maintainingaccountability for the outcome and challenging the algorithms.
" Our role is to make sure that the AI does the right interpretations appropriate to our products, to our business."
— João Martins, Director of Regulatory Affairs at Abbott at RAPS Euro Convergence 2026 Opening Plenary
That framing resonates deeply with how we have built AI into Rimsys. The goal was never to replace regulatory judgment; it is to amplify it. Rimsys AI is domain-specific, built on the regulatory data structures and logic that reflect real-world requirements, country-specific nuances, and product context. It proposes, analyzes, and alerts. Your team reviews, approves, and decides.
For teams that are ready to accelerate, Rimsys AI accelerates regulatory intelligence monitoring and submission authoring, removing the repetitive, detail-heavy work so skilled professionals can focus on strategy, market expansion, and the higher-order decisions that increasingly complex regulations demand.
"As future regulators, we will need to be scientifically strong, comfortable with complexity, open to innovation, and also be able to work in increasingly complex environments."
— Rui Santos Ivo, President of Portugal's National Authority of Medicines and Health Products (INFARMED) and chair of the EMA management board, RAPS Euro Convergence 2026 Opening Plenary
MDR 2.0: Reform With Guardrails
A panel of experts representing regulators, industry, and notified bodies gave their views on the proposed revision of the EU Medical Device Regulation at the conference. While their sentiments were largely supportive, notified body representatives urged the European Commission to maintain proactive surveillance of devices to protect patients.
The discussion acknowledged the complexity of balancing reform with patient safety. Simplification and innovation go hand in hand, though if it is overly complicated or overly simplified, it becomes difficult to innovate. Structured dialogues in MDR/IVDR will provide transparency and predictability for manufacturers, especially in early product development.
Regulatory Workflows Cannot Be an Afterthought
A recurring observation across sessions was that MDR 2.0, EUDAMED, and the EU AI Act are only as effective as the operational workflows behind them. Structured dialogues, risk-proportionate pathways, and submissions all require teams to move quickly with accurate, up-to-date product data. That is simply not possible when that data lives across email threads, spreadsheets, and disconnected systems.
The workflows that came up most in Lisbon (change control, renewals, new product introductions, and registration management) are exactly the areas where manual processes create the most risk. A missed renewal. A design change that triggers 40 country-level impact assessments with no system to coordinate them. A registration record that no one has updated since the last audit.
Rimsys keeps these workflows connected and proactive. Renewal expiration reminders fire before deadlines become a risk. Change control impact surveys are configurable to your SOPs, so teams can assign tasks and coordinate work across regions without relying on someone to manually track progress. New product introductions move faster because previous submission content can be reused across markets. Target market data, registration history, and approval status are already centralized, so teams are building on existing work rather than starting from scratcheach time.
The result is regulatory operations that reduce time to market by weeks to months, not add to it. Access information in seconds rather than hours. Regulatory release authorization in minutes rather than weeks. More than 90% reduction in regional regulatory reporting time. These are not projections. They are outcomes reported by Rimsys customers operating in exactly the kind of complex, multi-market environments that dominated the conversation in Lisbon.
The Regulatory Professional Is Evolving
Perhaps the most striking thread across sessions was the evolution of the RA function itself. Regulatory work was once seen mainly in terms of compliance procedures and submissions. Today, the profession is much broader than that.
This evolution is exactly the transition Rimsys is designed to support. When regulatory data is centralized, connected, and visible in real time, RA teams stop spending their days chasing down registration status and start contributing to commercial strategy: market expansion decisions, launch sequencing, change control planning, and executive-level risk communication.
The heart of regulatory operations is not a filing cabinet. It is a living, connected system that elevates the entire function.
What It All Points To
RAPS Euro Convergence 2026 made one thing clear: the organizations that will thrive are those who have invested in regulatory infrastructure that can absorb change without breaking. Rimsys is the platform built for exactly this moment: enterprise-grade, intuitive enough for global teams to actually use, and trusted by 6 of the top 12 global MedTech manufacturers worldwide.
Rimsys Launches the Regulatory Execution Engine for MedTech
Spring 2026 embeds submission authoring, AI-powered regulatory monitoring, and configurable impact workflows inside a single RIM platform, the first step toward Rimsys' AI vision for global regulatory operations.
PITTSBURGH, PA, May 5, 2026 – Regulatory Information Management (RIM) software was built to store records. That foundation has served its purpose and reached its limit. Today, Rimsys announces the Spring 2026 release: a platform designed not to hold regulatory data, but to execute on it.
Submission volumes are growing. Markets are multiplying. Regulatory change is accelerating. Spring 2026 gives regulatory teams the tools to keep pace: embedded authoring, reusable submission content, configurable impact workflows, and AI-powered intelligence, all inside a single platform.
"Our vision for Rimsys is a platform that makes regulatory expertise go further, companies move faster, and products reach more markets than any team could accomplish alone. Spring 2026 is another meaningful step toward that vision. We are embedding the tools and intelligence that allow regulatory affairs professionals to operate at a different level, doing more strategic work, entering markets faster, and staying ahead of regulatory change rather than reacting to it. What we are building next makes this release the starting line." – James Gianoutsos, CEO
What Spring 2026 Delivers
A brand new website that provides in-depth information about the Rimsys offering and the benefits to MedTech manufacturers, including details on these new products:
Intelligence: AI-Powered Regulatory Monitoring
Rimsys Intelligence provides access to regulations, guidance documents, safety alerts, and legislation across more than 90 countries. AI triage and prioritization surface the updates most relevant to each customer's specific products and markets, eliminating hours of manual surveillance and putting the right information in front of the right people.
When a change requires action, teams can move directly from regulatory signal to impact assessment without a manual handoff. Intelligence represents Rimsys' first production deployment of context-aware AI operating across a customer's live regulatory data, a foundation that will expand significantly in future releases.
Advanced Submissions: A Unified Submission Execution Workflow
Advanced Submissions consolidates everything required to create, manage, and publish a regulatory submission into a single workflow inside Rimsys, eliminating the disconnected tools, manual reformatting, and version fragmentation that have defined submission work for too long. Three capabilities anchor it:
Rimsys Editor
The Rimsys Editor is the cornerstone of Advanced Submissions and the most significant capability in this release. It brings word-compatible authoring and editing natively inside Rimsys, fully compatible with Microsoft Word®, allowing regulatory teams to create, co-author, review, and publish submission content without leaving the platform for the first time.
The Editor supports real-time co-authoring, tracked changes and redlining, rich content including tables and images, document comparison, and PDF publishing with standardized headers, footers, and company branding applied automatically. AI-assisted authoring is available as a configurable option, enabling teams to summarize, refine, expand, and translate content within their workflow. Rimsys AI is human-in-the-loop by design.
Universal Submissions
Universal Submissions enables teams to build from a single universal template (an IMDRF Technical Document) with content automatically mapped into market-specific templates. One master structure, many markets, without rebuilding from scratch.
Reusable Submissions
Reusable Submissions takes a completed submission from one market and uses it as the starting point for a new one. The system automatically maps content into the target market's template, carrying applicable sections forward reducing the content creation time up to 90% and compressing the time required to enter each additional market.
Configurable Impact Surveys: Governed Change Assessment at Scale
Impact Surveys are now fully configurable. Templates can be defined for specific change event types, tied to countries or registrations, and triggered automatically from Rimsys Intelligence findings replacing ad hoc assessments with repeatable, governed workflows. This integration creates a direct line from change event to regulatory scope, with results tracked in a single audit-ready trail.
A Platform Built for What's Next
Spring 2026 establishes more than a set of new capabilities. It establishes the execution infrastructure, structured data model, and embedded AI foundation on which Rimsys' longer-term vision is being built.
That vision: a world where regulatory experts are amplified by intelligence, not constrained by information. Where the knowledge required to enter a new market, interpret a regulatory change, or scope a submission is instantly available to every member of the team. Where regulatory operations scale not by spreading experts thin, but by giving them tools that multiply their impact.
Spring is the first production step in that direction. Every submission authored inside the platform, every intelligence signal triaged by AI, and every impact assessment connected to structured regulatory data deepens the foundation. Future releases will build on it directly, expanding AI capabilities, automating more of the regulatory workflow, and ultimately enabling teams to do work that today requires external expertise to be done inside Rimsys.
Regulatory Execution as a Business Lever
Spring 2026 is built to move metrics that matter: reduced submission cycle time variance, improved approval predictability, lower marginal effort per market, and increased team capacity without proportional headcount growth. For executive leadership, earlier approvals translate directly into faster market access and accelerated revenue recognition.
Availability
Spring 2026 is now Generally Available. Existing customers on the Organizer product will retain access to their current experience.
To learn more about the Spring 2026 release and how Rimsys can accelerate your regulatory operations, visit rimsys.io or contact your Rimsys representative.
About Rimsys
Rimsys is the heart of regulatory operations for the medical device industry and the platform at the center of an AI-driven transformation in how regulated products reach global markets. A living, connected regulatory platform, Rimsys keeps regulatory intelligence, product data, approvals, and change management continuously connected, enabling organizations to expand into global markets with speed, precision, and confidence. Enterprise-ready yet intuitive to use, Rimsys is trusted by 6 of the top 12 global MedTech manufacturers to accelerate time to market and scale regulatory operations worldwide. To learn more, visit rimsys.io.
Media Contact
rimsys.io
The Real Cost of “We’ll Build It Ourselves”
If you are reading this from inside a large MedTech organization, you may be thinking: we have ten times the engineering staff. Why can’t we just build this ourselves?
We-Should-Just-Build-This-Ourse…
It is a fair question.
But software has a well-known paradox. Adding more people to a complex project does not make it go faster. It usually makes it go slower. More coordination. More handoffs. More meetings about meetings. More surface area for misalignment
A large IT organization is optimized for breadth — supporting dozens of systems, managing infrastructure, keeping the lights on across the enterprise
That is valuable work.
But it is fundamentally different from building and sustaining a deep vertical product over a decade.
The people on your team have day jobs. They run devices through regulatory pathways, manage quality systems, support manufacturing, and commercialize products globally
Building a regulated platform is not a side quest.
It is a second company
What the Numbers Actually Look Like
When people compare license fees to internal builds, they stop at the wrong baseline
The real comparison is:
Licensing a specialized platform
versus
Standing up and operating a regulated software company inside your enterprise
Product management.
UX research.
Engineering.
Regulatory SMEs.
Validation and QA.
Security operations.
Compliance programs.
24/7 support.
Infrastructure.
Multi-year modernization
AI makes some of that faster.
It does not make any of it optional
With a specialized vendor, that investment is amortized across an entire customer base.
With an internal build, the full long tail of ownership falls on you
And most of that spend ends up recreating the 80 percent that has already been solved — all because someone decided the remaining 20 percent justified building from scratch
The return on that 20 percent rarely survives honest scrutiny.
The Questions That Should Keep You Honest
It is easy to get excited about how fast something can be built.
The harder exercise is asking what happens in year three, year five, year eight
When your VP of Regulatory Affairs leaves, who maintains validation documentation?
When regulations change across jurisdictions simultaneously, who redesigns workflows and pushes a validated release before the deadline?
When an auditor asks for change control history and disaster recovery test results, who is accountable?
Internal initiatives often stumble not because engineers cannot prototype, but because sustaining them for a decade is brutally hard
Sponsors move on. Budgets change. Teams reorganize.
Regulatory systems do not get to pause.
They must remain inspection-ready through acquisitions, divestitures, and leadership turnover
Systems of record are commitments, not experiments
AI Changed the Tools, Not the Gravity
I am genuinely excited about what AI enables. It will reshape regulatory operations, reduce headcount growth, compress timelines, and raise expectations for every vendor in this space
What it has not done is repeal gravity.
Most of what AI replaces today is busy work. That is enormously valuable. But busy work was never the strategic bottleneck
The hard parts remain.
- Deciding submission strategy.
- Interpreting regulator feedback.
- Designing defensible workflows.
- Staying inspection-ready.
- Running global rollouts
Agents help teams move faster.
They do not decide what is safe, defensible, or durable
In MedTech, software is not just built.
It is designed, governed, operated, and defended
And gravity still applies.
Day Zero Is Easy. Day One Is Where It Gets Hard
There is something I keep coming back to in these conversations.
You can go from idea to prototype incredibly fast right now. That is the day-zero problem, and AI has essentially solved it. You can spit out working code, scaffold an integration, and stand up a proof of concept in a week
But the nuance around an actual business workflow — the day one and beyond activities — those are dramatically harder than day zero ever was
Software engineering done well is craftsmanship.
There is more to it than generating code and turning a prototype into something a regulated enterprise can depend on. It means thinking about edge cases, failure modes, upgrade paths, observability, and long-term operability. It means deleting as much as adding. Simplifying interfaces. Collapsing concepts down to what actually matters
Inside my own teams, I see impressive first versions all the time.
That is not the hard part anymore.
The hard part is everything that comes after
We-Should-Just-Build-This-Ourse…
Faster Engineering Just Pushes Work Somewhere Else
There is a tradeoff that rarely makes it into the first ROI spreadsheet.
AI compresses build cycles. In regulated companies, that speed shows up downstream. More releases mean more validation, more SOP updates, more training, more compliance review, and more audit prep
Engineering gets cheaper.
Governance becomes the constraint
There is also a subtler version of this problem.
Agents make it easy to generate output at scale. More workflows. More automation. More code.
But in regulated environments, every new service or automation path increases surface area. More things to secure. More things to validate. More things to explain to auditors
Speed without discipline creates complexity faster.
For CTOs, that is an architectural concern.
For Regulatory leaders, that is an inspection risk.
Are You Trying to Be a Software Company?
This is the part of these conversations that most often gets skipped.
A MedTech company is not a software shop. Most are largely outsourced IT organizations, and there is nothing wrong with that. The core business is devices, science, R&D, manufacturing quality, clinical programs, and global commercialization
When internal teams talk about building major regulatory platforms, the question is not whether they can spin up a prototype.
It is whether they want to operate a full-time software company inside their enterprise
Building software at scale is a people problem. It is not a technology problem. The constraint is coordination, judgment, institutional knowledge, and sustained focus over years
The people problem does not get fixed by agents and AI.
Regulatory platforms are deeply vertical. They encode jurisdiction-specific rules, regulator expectations, submission templates, QMS integrations, inspection trails, and post-market obligations
That knowledge is earned slowly.
It lives in product decisions, data models, operating procedures, and support playbooks.
AI will reshape how these platforms evolve.
It does not remove the learning curve that created them
